CVE-2026-45999

HIGH EPSS 3.1%
Published May 27, 20261mo ago · Modified Jun 19, 20261w ago
7.1 CVSS 3.1
High
Find Similar
Published May 27, 2026 1mo ago
Last Modified Jun 19, 2026 1w ago

Description

In the Linux kernel, the following vulnerability has been resolved: erofs: fix unsigned underflow in z_erofs_lz4_handle_overlap() Some crafted images can have illegal (!partial_decoding && m_llen < m_plen) extents, and the LZ4 inplace decompression path can be wrongly hit, but it cannot handle (outpages < inpages) properly: "outpages - inpages" wraps to a large value and the subsequent rq->out[] access reads past the decompressed_pages array. However, such crafted cases can correctly result in a corruption report in the normal LZ4 non-inplace path. Let's add an additional check to fix this for backporting. Reproducible image (base64-encoded gzipped blob): H4sIAJGR12kCA+3SPUoDQRgG4MkmkkZk8QRbRFIIi9hbpEjrHQI5ghfwCN5BLCzTGtLbBI+g dilSJo1CnIm7GEXFxhT6PDDwfrs73/ywIQD/1ePD4r7Ou6ETsrq4mu7XcWfj++Pb58nJU/9i PNtbjhan04/9GtX4qVYc814WDqt6FaX5s+ZwXXeq52lndT6IuVvlblytLMvh4Gzwaf90nsvz 2DF/21+20T/ldgp5s1jXRaN4t/8izsy/OUB6e/Qa79r+JwAAAAAAAL52vQVuGQAAAP6+my1w ywAAAAAAAADwu14ATsEYtgBQAAA= $ mount -t erofs -o cache_strategy=disabled foo.erofs /mnt $ dd if=/mnt/data of=/dev/null bs=4096 count=1

CVSS Details

Base Score
7.1
Exploitability
1.8
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
3.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-191

Affected Products 4

VendorProductVersionRange
linuxlinux_kernel*≥5.13  –  <6.6.140
linuxlinux_kernel*≥6.7  –  <6.12.88
linuxlinux_kernel*≥6.13  –  <6.18.30
linuxlinux_kernel*≥6.19  –  <7.0.4

References 7

  • git.kernel.org https://git.kernel.org/stable/c/118ff71ff09ebaf323a09af9e911517321a299f4
  • git.kernel.org https://git.kernel.org/stable/c/21e161de2dc660b1bb70ef5b156ab8e6e1cca3ab
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43a878639b90e9721ffa5eb616a7e6d8454adef3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/778acd52e9497806fbd2cea7f770c41d6850fc48
  • git.kernel.org https://git.kernel.org/stable/c/bbbbb3f0d7864238a8da2a94cd6ec013fee06a2e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c9ce18e6bb2c467ec85756dc7989b547b7584fee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f1374fa6e57fd836623668d782ded9244cfd2938
    Patch

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/21e161de2dc660b1bb70ef5b156ab8e6e1cca3ab
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/43a878639b90e9721ffa5eb616a7e6d8454adef3
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/bbbbb3f0d7864238a8da2a94cd6ec013fee06a2e
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/c9ce18e6bb2c467ec85756dc7989b547b7584fee
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/f1374fa6e57fd836623668d782ded9244cfd2938
    Patch